Nick Statt reports: Whisper, an anonymous secret-sharing mobile app that rose to prominence more than half a decade ago, has been inadvertently exposing sensitive information about its users for years through a public online database, according to a new report from The Washington Post. The app, while far from as popular as it was in the few years…
Category: Exposure
Brazil: Millions of Records Leaked, Including Biometric Data
Jim Wilson reports: The security research team at Safety Detectives has discovered a significant data leak in addition to other security flaws (such as lack of password protection) relating to fingerprint data on an Antheus log server in Brazil. Our team, led by Anurag Sen, discovered almost 2.3 million data points in total and estimates that…
University of Hertfordshire avoids data breach action by UK watchdog
Charlie Osborne reports: The University of Hertfordshire has avoided an investigation by the ICO into its data-sharing practices after exposing student information. The security incident took place in November 2019, in which a bulk email promoting an art lecture also included an attachment containing the names and email addresses of approximately 2,000 students. Read more…
US property and demographic database of 200 million records leaked on the web
Paul Bischoff reports: An exposed online database consisting of some 200 million records included a wide range of sensitive personal and demographic data about residents and their properties. Homeowners were identified as well as info about their credit ratings, net worth, and income, among other details. At this time we have not been able to…
Israeli Marketing Company Straffic Exposes 140 GB Contacts Database
Jeremy Kirk reports: An Israeli marketing company left authentication credentials for an Elasticsearch database online, exposing more than 140 GB worth of contact details for individuals in the U.S. and Europe. The exposed data includes names, email addresses, phone numbers, physical addresses and genders, but not all records have those fields completed, according to a…
UK: Rotherwood Healthcare AWS bucket security fail left elderly patients’ DNR choices freely readable online
Gareth Corfield reports: A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, detailed care plans and precisely how much councils paid for individual patients’ care. Not only did Rotherwood Care Group, trading as Rotherwood Healthcare, leave an Amazon Web Services S3 bucket accessible to everyone…